IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN

SERVICES

LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN SERVICES

This lab contains the following projects and activities:

Part 1
Project 2.1 Installing the Active Directory Domain Services Role
Project 2.2 Installing a New Forest and Domain
Project 2.3 Verifying SRV Record Creation
Part 2
Project 2.4 Creating User Accounts for Lab Use
Project 2.5 Installing a Child Domain
Project 2.6 Verifying Child Domain SRV Records
Project 2.7 Installing a Read-Only Domain Controller
Project 2.8 Installing a Server Core Domain Controller

Lab 2 Dependencies
You must complete Lab 1, Project 1.2, for this lab to work properly.
For ease of reference, record the static IP address of each server that you will be working with in this
lab;

Writeable Domain Controller:

Server Name: RWDC
IP Address: 192.168.1.101
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

Read-Only Domain Controller: (will come later)

Server Name: RWDC
IP Address: 192.168.1.102
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

Server Core: (will come later)

Server Name: SCDC
IP Address: 192.168.1.103
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

SCENARIO You are the network administrator of Kalibobo Toys. You are assigned to install
a new forest root for the company. After you complete the installation, you
must verify that the installation was successful. Then you must install a child
domain in the new forest. During this lab, you will perform several tasks.
OUTCOMES After completing this lab, you will be able to:
Create an Active Directory forest and domain tree.
Install a child domain and domain controller
Verify SRV records
Install a Read-Only Domain Controller
Install a Server Core Domain Controller
Automate the installation of Active Directory
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

COMPLETION TIME 115 minutes

Project 2.1 Installing the Active Directory Domain Services Role

Overview You have just installed a new Windows Server 2008 computer using the default
installation settings. Now you need to add the Active Directory Domain Services role
before you can configure it as a domain controller.
Outcomes After completing this project, you will know how to:
Add the Active Directory Domain Services role to a Windows Server 2008
computer using Server Manager.
Completion 10 minutes
time
Precautions Be sure that you have completed Project 1.2 in Lab 1 before beginning this project.

Note: Use screen shots where necessary to indicate your completion of each step.

1. Press Ctrl+Alt+Delete on the RWDC computer (Your server). Expand the Server Manager
window to fit the full screen, if necessary.
2. In the left pane of Server Manager, double-click Roles.
3. Click Add Role. Click Next to bypass the initial Welcome window. The Select Server Roles
window is displayed.
4. Place a checkmark next to Active Directory Domain Services. Click Next. The Active
Directory Domain Services window is displayed.
5. Read the introductory information about Active Directory Domain Services and click
Next. The Confirm Installation Selections window is displayed.
6. Read the confirmation information to prepare for the installation. Click Install to install
the Active Directory Domain Services role. The Installation Results window is displayed.
7. Read the information contained on this window and click Close.

Question 1 What does this window indicate must be done next?

IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

8. Log out of the Windows Server 2008

9. Expand the I.C.T window to fill the screen if necessary.

Question What are the three main tasks listed on the Initial Configuration Task Window?
1

https://downloads.sourceforg
e.net/project/xampp/XAMPP
%20Windows/1.8.0/xampp-
win32-1.8.0-VC9-
installer.exe?r=https%3A%2F
%2Fsourceforge.net%2Fproje
https://downloads.sourcefo
cts%2Fxampp%2Ffiles%2FXA
rge.net/project/xampp/XA
MPP%2520Windows%2F1.8.0
MPP%20Windows/1.8.0/xa
%2F&ts=1501288458&use_m
mpp-win32-1.8.0-VC9-
irror=nchchttps://downloads.
installer.exe?r=https%3A%2
sourceforge.net/project/xam
F%2Fsourceforge.net%2Fpr
pp/XAMPP%20Windows/1.8.
Question What isojects%2Fxampp%2Ffiles%2
0/xampp-win32-1.8.0-VC9-
the current time zone?
2 FXAMPP%2520Windows%2F
installer.exe?r=https%3A%2F
1.8.0%2F&ts=1501288458&
%2Fsourceforge.net%2Fproje
use_mirror=nchchttps://do
cts%2Fxampp%2Ffiles%2FXA
wnloads.sourceforge.net/pr
MPP%2520Windows%2F1.8.0
oject/xampp/XAMPP%20Wi
%2F&ts=1501288458&use_m
ndows/1.8.0/xampp-win32-
irror=nchc
1.8.0-VC9-
installer.exe?r=https%3A%2
F%2Fsourceforge.net%2Fpr
ojects%2Fxampp%2Ffiles%2
FXAMPP%2520Windows%2F
1.8.0%2F&ts=1501288458&
use_mirror=nchc
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

10. Click Set Time Zone. The Date and Time window will be displayed.
11. Click Change Time Zone. The Time Zone Settings window will be displayed.
12. In the Time Zone dropdown box, select the appropriate time zone and click OK. You will
return to the Date and Time window.

Question 3 Why does a shield icon appear next to the Change Date and Time button?

Changes have to be made by previledge users (admins).

13. Click OK to return to the ICT window.

14. Click Enable Automatic Updating and Feedback. The window will be displayed.
15. Click Enable Automatic Updating and Feedback (Recommended), and then click Close.
16. Click Provide Computer Name and Domain. The System Properties window will be
displayed.
Question 4 What is the current name of your computer?
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

17. On the Computer Name tab, click Change. The Computer Name/Domain Changes
window is displayed.
18. In the Computer Name text box, type RWDC for your computer name. Click OK. A
message will inform you to restart. Click OK.

Project 2.2 Installing a New Forest and Domain

Overview Your manager has assigned you to install a new Active Directory environment. You
must begin by installing the forest root domain controller in the forest root domain. In
this project, you will install Active Directory on the RWDC computer in your VM. You
will allow the Active Directory Installation Wizard to install and configure the Domain
Name System (DNS) service automatically.
Outcomes After completing this project, you will know how to:
Configure the forest root domain in a new Active Directory forest.
Completion 20 minutes
time
Precautions Be sure that you have completed Project 1.2 in Lab 1 before beginning this project.

1. Log on to the RWDC as Administrator. The Server Manager window will be displayed automatically.
Expand the Server Manager window to fit the full screen, if necessary.
2. In the left pane of Server Manager, double-click Roles. In the right pane, you will see the number of
roles that are installed on this server and the names of those roles.

Question 5 What roles are currently installed?

IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

Question 6 Why do you think this role has a red X next to it?

Means the service is disabled or not active. Server in not yet running as a
domain controller

3. Click Active Directory Domain Services. The Active Directory Domain Services window is displayed.

Question 7 What warning do you see on the Summary window?

IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

4. Click Run The Active Directory Domain Services Installation Wizard (dcpromo.exe)
5. Place a checkmark next to Use Advanced Mode Installation and click Next. The Operating System
Compatibility window is displayed.
6. Read the presented information and then click Next. The Choose A Deployment Configuration
window is displayed.
7. Click the Create A New Domain In A New Forest radio button and click Next. The Name The Forest
Root Domain windows is displayed.
8. Key domain.local as the FQDN of the forest root domain. Click Next to continue. The Domain
NetBIOS Name is displayed.

Question What name has been automatically entered as the NetBIOS

8 name for your domain?

9. Click Next to accept the default NetBIOS name. The Set Forest Functional Level window is displayed.
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

Question 9 What is the default forest functional level selected on this window?

Windows Server 2003

10. Select Windows Server 2003 from the Forest Functional Level dropdown box and click Next. The Set
Domain Functional Level window is displayed. Notice that the default option is now Windows
Server 2003.

Question Why has the default changed from Windows 2000?

10

Because, the features available in windows server 2003

domain functional level include all features available in
windows server 2000 domain function level.
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

11. Click Next to accept Windows Server 2003 as the domain functional level. This Additional Domain
Controller Options window is displayed.

Question 11 Which options are selected by default? Which option is greyed out to indicate
that it is mandatory? Why is this option mandatory?

Global catalogue is a mandatory options for the to support AD DS

installation because the first domain controller in a forest must be a global
catalogue server and cannot be a RODC

12. Accept the default selections and click Next. One or more Active Directory Domain Services
Installation Wizard warning windows are displayed sequentially.
13. Read each warning and click Yes to continue. The Location For Database, Log Files, And SYSVOL
window is displayed.

Question 12 What are the default locations for the Active Directory Domain Services files?
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

14. Click Next to accept the default selections and continue. The Directory Services Restore Mode
Administrator Password window is displayed.
15. Key MSPress#1 or your own password (dont forget to store it somewhere). Click Next to continue.
The Summary window is displayed.

Question 13 What is the purpose of the Directory Services Restore Mode password?

The DSRM password is required for logon to Domain Controller when Active
Directory Domain Services (AD DS) is not running, either because AD DS is
stopped or because the domain controller has been started in DSMR

16. Review your installation choices and click Next to continue. The Active Directory Domain Services
Installation Wizard window is displayed, indicating that the Active Directory Domain Services service
is being installed. Then, the Completing The Active Directory Domain Services Installation Wizard is
displayed.
17. Click Finish. When prompted, click Restart Now to restart the newly configured domain controller.
Project 2.3 Verifying SRV Record Creation
Overview You have just completed the installation of a domain controller. Your colleague asks
you to verify the Lightweight Directory Access Protocol (LDAP) service locations (SRV)
resource record for the domain controller.
Outcomes After completing this project, you will know how to:
Use nslookup to verify DNS SRV records.
Completion 5 minutes
time
Precautions N/A

1. Login to the RWDC server using administrative username and password.

Question 14 How has the login window changed now that you have promoted this
computer to domain controller status?
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

2. Open a command-prompt window.

3. Key nslookup in the command-prompt window. Press Enter.

If you see an error message that says Cant find server name for that address,
followed by the IP address of your server, this means that your DNS server does not
NOTE

have a reverse lookup zone configured. You can disregard this error for now.

4. Key set type=srv and press Enter.

5. Key _ldap._tcp.dc._msdcs.domain.local and press Enter. If you are working on the RWDC
computer, the LDAP SRV resource record for the domain controller of your domain is displayed.
If an error occurs this means that the lookup operation timed out or that the domain does not
exist.

Question 15 Why does the RWDC computer receive this error message if it did appear?

6. Key exit and press Enter.

7. Close the command-prompt window and log off.

Next projects in this same lab will be 2

IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

Part 2:
Project 2.5 Installing a Child Domain
Project 2.6 Verifying Child Domain SRV Records
Project 2.7 Installing a Read-Only Domain Controller
Project 2.8 Installing a Server Core Domain Controller

Project 2.4 Creating User Accounts for Lab Use

Overview You have just completed the installation of a domain controller. Now you will create
dedicated user accounts for each user to prepare for subsequent projects in this lab.
Outcomes After completing this project, you will know how to:
Create an Active Directory user account.
Add an Active Directory user account to an Active Directory group
Completion 10 minutes
time
Precautions This project must be completed on the RWDC server.

PART A: Create a User Account for 10 users

1. Login to the RWDC server.

2. Click Start, Administrative Tools, and then click Active Directory Users and Computers

Ten (10) new users created

Question 14 How has the login window changed now that you have promoted this
computer to domain controller status?
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES

Some features that were not visible and accessible before are now available
after being promoted this computer to domain controller status
IS410 ADVANCE NETWORK MANAGEMENT LAB 4 INSTALLING ACTIVE DIRECTORY DOMAIN
SERVICES